data_core:rabbitmq
Differences
This shows you the differences between two versions of the page.
data_core:rabbitmq [2023/03/16 17:03] – [How to use RabbitMQ for Secure Resilient Data Transfer] su | data_core:rabbitmq [2023/03/28 06:08] – su | ||
---|---|---|---|
Line 33: | Line 33: | ||
Open " | Open " | ||
- | set RABBITMQ_BASE=%PROGRAMDATA%\RabbitMQ | + | set RABBITMQ_BASE=%PROGRAMDATA%\RabbitMQ |
rabbitmq-service install | rabbitmq-service install | ||
rabbitmq-plugins enable rabbitmq_management | rabbitmq-plugins enable rabbitmq_management | ||
Line 61: | Line 61: | ||
{{ : | {{ : | ||
- | **Hint | + | **Hint** Bookmark this link. |
| | ||
The default login is Guest/ | The default login is Guest/ | ||
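Review bot: the context line directly after the new bookmark hint documents the default login for the management UI, and nothing in this hunk tells the reader to change it. Suggest adding a step next to the hint to create a named administrator and then change or remove the default account before the UI is reachable from anywhere other than the local machine.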
Line 75: | Line 75: | ||
* **Routing Key** \\ The routing key to set on messages containing snapshot/ | * **Routing Key** \\ The routing key to set on messages containing snapshot/ | ||
- | |||
Line 89: | Line 88: | ||
- | ===== How to use RabbitMQ for Secure Resilient Data Transfer ===== | ||
- | |||
- | RabbitMQ | ||
- | |||
- | * Messages are not removed from the source queue until an ack is received from the destination queue. | ||
- | * It supports TLS data encryption. | ||
- | |||
- | Altogether, RabbitMQ provides the ideal conduit for Data Core to employ for resilient and secure process data transfer. | ||
- | |||
- | ** 1. Enable RabbitMQ Shovel ** | ||
- | |||
- | RabbitMQ Shovel is a required on the source/ | ||
- | |||
- | Open **RabbitMQ Command Prompt** in admin mode and enter | ||
- | |||
- | rabbitmq-service stop | ||
- | rabbitmq-plugins enable rabbitmq_shovel | ||
- | rabbitmq-plugins enable rabbitmq_shovel_management | ||
- | rabbitmq-service start | ||
- | | ||
- | |||
- | ** 2. Configure Firewall Rules ** | ||
- | |||
- | Firewall rules must be configured on the destination/ | ||
- | |||
- | Open Windows Defender Firewall and configure two new **Inbound Rules**: | ||
- | |||
- | ^ Name ^ Description ^ Port ^ | ||
- | | AMQP | Advanced Message Queue Protocol - employed by RabbitMQ | 5672 | | ||
- | | AMQPS | Advanced Message Queue Protocol Secure - employed by RabbitMQ | 5671 | | ||
- | |||
- | {{ : | ||
- | |||
- | The AMQP rule should only be employed for testing and can be disabled when not required. We also recommending resticting access to the above rules by specifying the permitted " | ||
- | |||
- | ** 4. Create a RabbitMQ User ** | ||
- | |||
- | A new user must be defined on the destination/ | ||
- | |||
- | * Open RabbitMQ Administration UI (http:// | ||
- | * Select Admin > Users | ||
- | * Add User | ||
- | * Name: data_transfer_user | ||
- | * Password: <you decide> | ||
- | |||
- | ** 5. Create a Self-Signed CA Certificate ** | ||
- | |||
- | The certificate is used for TLS encryption. | ||
- | |||
- | Create a self-signed CA certificate, | ||
- | a secure location when issuing new certificates in the future, and save the certificate | ||
- | (without the private key) to a PEM file that can be copied to the upstream server | ||
- | and used directly by RabbitMQ and indirectly by the upstream Data Core node after | ||
- | being imported into the Trusted Root Certificate Authorities store there. | ||
- | |||
- | Create a certificate for a downstream RabbitMQ broker that must act as a server | ||
- | for local and remote clients (i.e. requires the Server Authentication EKU in the | ||
- | certificate) and save the certificate and private key to PEM files for use by | ||
- | RabbitMQ. | ||
- | |||
- | On the destination/ | ||
- | |||
- | C:\Program Files\RabbitMQ Server\certs | ||
- | |||
- | and add the following files: | ||
- | |||
- | * ca.crt | ||
- | * downstream-rabbitmq.crt | ||
- | * downstream-rabbitmq.key | ||
- | |||
- | On the source/ | ||
- | |||
- | C:\Program Files\RabbitMQ Server\certs | ||
- | | ||
- | and add the following files: | ||
- | |||
- | * ca.crt | ||
- | |||
- | ** 6. Create RabbitMQ Configuration File ** | ||
- | |||
- | On the downstream/ | ||
- | |||
- | %AppData%/ | ||
- | | ||
- | Add the following settings: | ||
- | |||
- | listeners.ssl.default = 5671 | ||
- | ssl_options.cacertfile = C:/Program Files/ | ||
- | ssl_options.certfile | ||
- | ssl_options.keyfile | ||
- | ssl_options.verify | ||
- | ssl_options.fail_if_no_peer_cert = false | ||
- | | ||
- | On the source/ | ||
- | |||
- | %AppData%/ | ||
- | |||
- | Add the following settings: | ||
- | |||
- | ssl_options.cacertfile = C:/Program Files/ | ||
- | |||
- | ** 7. Configure RabbitMQ Shovel ** | ||
- | |||
- | On the source/ | ||
- | |||
- | Select Admin > Shovel Management > Add a new shovel | ||
- | |||
- | Complete the form as follows: | ||
- | |||
- | | Name | Data Core Tag Values | | ||
- | | Source | AMQP 0.9.1 | | ||
- | | URI | amqp:// | | ||
- | | Queue | data_core.tag_values | | ||
- | | Prefetch count | | | ||
- | | Auto-delete | Never | | ||
- | | Destination| AMQP 0.9.1 | | ||
- | | URI | amqps:// | ||
- | | Queue | data_core.tag_values | | ||
- | | Add forwarding headers | No | | ||
- | | Reconnect delay | | | ||
- | | Acknowledgment mode | On confirm | | ||
- | |||
- | {{ : | ||
- | |||
- | |||
+ | ===== More RabbitMQ Resources ===== | ||
+ | * [[DataCore: | ||
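Review bot: this revision deletes the whole "How to use RabbitMQ for Secure Resilient Data Transfer" section (Shovel, firewall rules, TLS certificates, `ssl_options`) and leaves only a "More RabbitMQ Resources" link, so please confirm the linked page carries that procedure in full. If the text was moved as-is, it is worth fixing at the destination: the steps jump from 2 to 4, the firewall paragraph has typos ("recommending resticting"), and `ssl_options.fail_if_no_peer_cert = false` means the downstream broker does not require a client certificate, so the `data_transfer_user` password is the only client authentication and the user step should say to pick a strong one.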
data_core/rabbitmq.txt · Last modified: 2023/12/14 15:27 by su